Ransomware has permanently changed how security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and midsize businesses, the problem is bigger still: ransomware was involved in nearly nine out of 10 breaches, compared with 39% of incidents among large organizations.
Many of these attacks begin by breaching privileged accounts and identity infrastructure, targeting identity because of its reach and influence. Compromising identity infrastructure such as Active Directory enables adversaries to escalate privileges and block legitimate users from their own systems within minutes.
Even when applications and data are restored, a compromised identity layer can leave an organization locked out of its environment for the long term, stalling recovery efforts across the enterprise.
This is why identity recovery is now a central ingredient in cyber resilience. Identity systems are deeply integrated into authentication and access pathways. When they fail, recovery becomes even more complex. Security leaders know that recovering identity is about bringing systems back up and restoring access securely, so attackers cannot find their way back in.
A board-level issue
Boards of directors and regulators are now treating resilience as a core component of enterprise risk management. Cyber insurance providers require evidence of tested recovery plans, immutable backups, and defined recovery time and recovery point objectives before underwriting coverage. Regulatory frameworks like the General Data Protection Regulation and the California Consumer Privacy Act impose stiff penalties for extended downtime and data exposure.
As a result, organizations are moving beyond traditional backup strategies toward recovery engineering. Recovery is a designed capability rather than an emergency response. It relies on automation, orchestration, and repeatable processes that reduce dependence on manual intervention during high-stress incidents. It also aligns technical recovery with business priorities, helping CISOs communicate resilience in terms that executives and boards understand.
To reduce downtime and regain control quickly after a ransomware or identity-based attack, CISOs should prioritize these capabilities:
- Identity resilience: Implement immutable backups and automated recovery for identity systems such as Active Directory.
- Zero-trust architecture: Apply least-privilege access and continuous authentication to reduce the blast radius of an attack.
- Automated orchestration: Limit manual steps in recovery workflows so teams can respond faster under pressure.
- Regulatory readiness: Make audit-ready reporting and compliance validation part of resilience planning, not an afterthought.
- AI-ready protection: Account for risks introduced by autonomous agents and AI-driven operations by securing data environments and enabling fast rollback of damaging actions.
- Backup platform isolation: Treat the backup environment as a separate security domain that can function as a minimum viable recovery environment when needed.
Cognizant and Rubrik help organizations improve cyber resilience with a unified, service-based model that integrates data protection, identity resilience, and business continuity.
Rubrik provides capabilities such as immutable storage, rapid ransomware recovery, sensitive data discovery, and identity resilience, including support for restoring Active Directory environments. Cognizant brings orchestration across technologies and domain expertise to align recovery actions with business outcomes, ensuring that restoration efforts support operational continuity and compliance requirements.
Learn more about how Cognizant and Rubrik are helping organizations strengthen business resilience. If you would like further details or have specific questions, send an email to: [email protected]
About Sriramkumar Kumaresan
Cognizant
Sriram Kumaresan leads the Global Cloud, Infrastructure and Security practice at Cognizant, overseeing approximately 35,000 professionals. With over 25 years of experience, he excels in building and scaling businesses from strategy to execution. Sriram is responsible for driving market share (strategy, GTM and growth) and mindshare (offering, partner strategy and market positioning) through strategic approaches, customer centricity and the deep technical expertise in Cognizant’s Cloud, Infrastructure and Security business. Beyond his professional achievements, he is also a mentor and advocate for diversity in tech, aiming to inspire future IT leaders.